mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-07-25 20:53:33 +00:00
Merge pull request #79310 from draveness/feature/cleanup-KubeletPluginsWatcher-feature-gates
feat: cleanup feature gates for KubeletPluginsWatcher
This commit is contained in:
commit
2109c1a7a3
@ -303,13 +303,6 @@ const (
|
|||||||
// Only applicable if the VolumeSubpath feature is also enabled
|
// Only applicable if the VolumeSubpath feature is also enabled
|
||||||
VolumeSubpathEnvExpansion featuregate.Feature = "VolumeSubpathEnvExpansion"
|
VolumeSubpathEnvExpansion featuregate.Feature = "VolumeSubpathEnvExpansion"
|
||||||
|
|
||||||
// owner: @vikaschoudhary16
|
|
||||||
// GA: v1.13
|
|
||||||
//
|
|
||||||
//
|
|
||||||
// Enable probe based plugin watcher utility for discovering Kubelet plugins
|
|
||||||
KubeletPluginsWatcher featuregate.Feature = "KubeletPluginsWatcher"
|
|
||||||
|
|
||||||
// owner: @vikaschoudhary16
|
// owner: @vikaschoudhary16
|
||||||
// beta: v1.12
|
// beta: v1.12
|
||||||
//
|
//
|
||||||
@ -520,7 +513,6 @@ var defaultKubernetesFeatureGates = map[featuregate.Feature]featuregate.FeatureS
|
|||||||
VolumeSubpath: {Default: true, PreRelease: featuregate.GA},
|
VolumeSubpath: {Default: true, PreRelease: featuregate.GA},
|
||||||
BalanceAttachedNodeVolumes: {Default: false, PreRelease: featuregate.Alpha},
|
BalanceAttachedNodeVolumes: {Default: false, PreRelease: featuregate.Alpha},
|
||||||
VolumeSubpathEnvExpansion: {Default: true, PreRelease: featuregate.Beta},
|
VolumeSubpathEnvExpansion: {Default: true, PreRelease: featuregate.Beta},
|
||||||
KubeletPluginsWatcher: {Default: true, PreRelease: featuregate.GA, LockToDefault: true}, // remove in 1.16
|
|
||||||
ResourceQuotaScopeSelectors: {Default: true, PreRelease: featuregate.Beta},
|
ResourceQuotaScopeSelectors: {Default: true, PreRelease: featuregate.Beta},
|
||||||
CSIBlockVolume: {Default: true, PreRelease: featuregate.Beta},
|
CSIBlockVolume: {Default: true, PreRelease: featuregate.Beta},
|
||||||
CSIInlineVolume: {Default: false, PreRelease: featuregate.Alpha},
|
CSIInlineVolume: {Default: false, PreRelease: featuregate.Alpha},
|
||||||
|
@ -537,7 +537,6 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
|||||||
experimentalHostUserNamespaceDefaulting: utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalHostUserNamespaceDefaultingGate),
|
experimentalHostUserNamespaceDefaulting: utilfeature.DefaultFeatureGate.Enabled(features.ExperimentalHostUserNamespaceDefaultingGate),
|
||||||
keepTerminatedPodVolumes: keepTerminatedPodVolumes,
|
keepTerminatedPodVolumes: keepTerminatedPodVolumes,
|
||||||
nodeStatusMaxImages: nodeStatusMaxImages,
|
nodeStatusMaxImages: nodeStatusMaxImages,
|
||||||
enablePluginsWatcher: utilfeature.DefaultFeatureGate.Enabled(features.KubeletPluginsWatcher),
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if klet.cloud != nil {
|
if klet.cloud != nil {
|
||||||
@ -785,13 +784,11 @@ func NewMainKubelet(kubeCfg *kubeletconfiginternal.KubeletConfiguration,
|
|||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, err
|
return nil, err
|
||||||
}
|
}
|
||||||
if klet.enablePluginsWatcher {
|
klet.pluginManager = pluginmanager.NewPluginManager(
|
||||||
klet.pluginManager = pluginmanager.NewPluginManager(
|
klet.getPluginsRegistrationDir(), /* sockDir */
|
||||||
klet.getPluginsRegistrationDir(), /* sockDir */
|
klet.getPluginsDir(), /* deprecatedSockDir */
|
||||||
klet.getPluginsDir(), /* deprecatedSockDir */
|
kubeDeps.Recorder,
|
||||||
kubeDeps.Recorder,
|
)
|
||||||
)
|
|
||||||
}
|
|
||||||
|
|
||||||
// If the experimentalMounterPathFlag is set, we do not want to
|
// If the experimentalMounterPathFlag is set, we do not want to
|
||||||
// check node capabilities since the mount path is not the default
|
// check node capabilities since the mount path is not the default
|
||||||
@ -1210,9 +1207,6 @@ type Kubelet struct {
|
|||||||
// This flag sets a maximum number of images to report in the node status.
|
// This flag sets a maximum number of images to report in the node status.
|
||||||
nodeStatusMaxImages int32
|
nodeStatusMaxImages int32
|
||||||
|
|
||||||
// This flag indicates that kubelet should start plugin watcher utility server for discovering Kubelet plugins
|
|
||||||
enablePluginsWatcher bool
|
|
||||||
|
|
||||||
// Handles RuntimeClass objects for the Kubelet.
|
// Handles RuntimeClass objects for the Kubelet.
|
||||||
runtimeClassManager *runtimeclass.Manager
|
runtimeClassManager *runtimeclass.Manager
|
||||||
}
|
}
|
||||||
@ -1375,15 +1369,13 @@ func (kl *Kubelet) initializeRuntimeDependentModules() {
|
|||||||
// container log manager must start after container runtime is up to retrieve information from container runtime
|
// container log manager must start after container runtime is up to retrieve information from container runtime
|
||||||
// and inform container to reopen log file after log rotation.
|
// and inform container to reopen log file after log rotation.
|
||||||
kl.containerLogManager.Start()
|
kl.containerLogManager.Start()
|
||||||
if kl.enablePluginsWatcher {
|
// Adding Registration Callback function for CSI Driver
|
||||||
// Adding Registration Callback function for CSI Driver
|
kl.pluginManager.AddHandler(pluginwatcherapi.CSIPlugin, plugincache.PluginHandler(csi.PluginHandler))
|
||||||
kl.pluginManager.AddHandler(pluginwatcherapi.CSIPlugin, plugincache.PluginHandler(csi.PluginHandler))
|
// Adding Registration Callback function for Device Manager
|
||||||
// Adding Registration Callback function for Device Manager
|
kl.pluginManager.AddHandler(pluginwatcherapi.DevicePlugin, kl.containerManager.GetPluginRegistrationHandler())
|
||||||
kl.pluginManager.AddHandler(pluginwatcherapi.DevicePlugin, kl.containerManager.GetPluginRegistrationHandler())
|
// Start the plugin manager
|
||||||
// Start the plugin manager
|
klog.V(4).Infof("starting plugin manager")
|
||||||
klog.V(4).Infof("starting plugin manager")
|
go kl.pluginManager.Run(kl.sourcesReady, wait.NeverStop)
|
||||||
go kl.pluginManager.Run(kl.sourcesReady, wait.NeverStop)
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Run starts the kubelet reacting to config updates
|
// Run starts the kubelet reacting to config updates
|
||||||
|
@ -32,9 +32,7 @@ import (
|
|||||||
"k8s.io/apimachinery/pkg/api/resource"
|
"k8s.io/apimachinery/pkg/api/resource"
|
||||||
utilversion "k8s.io/apimachinery/pkg/util/version"
|
utilversion "k8s.io/apimachinery/pkg/util/version"
|
||||||
"k8s.io/apimachinery/pkg/util/wait"
|
"k8s.io/apimachinery/pkg/util/wait"
|
||||||
utilfeature "k8s.io/apiserver/pkg/util/feature"
|
|
||||||
"k8s.io/klog"
|
"k8s.io/klog"
|
||||||
"k8s.io/kubernetes/pkg/features"
|
|
||||||
"k8s.io/kubernetes/pkg/volume"
|
"k8s.io/kubernetes/pkg/volume"
|
||||||
csipbv0 "k8s.io/kubernetes/pkg/volume/csi/csiv0"
|
csipbv0 "k8s.io/kubernetes/pkg/volume/csi/csiv0"
|
||||||
)
|
)
|
||||||
@ -158,16 +156,14 @@ func newCsiDriverClient(driverName csiDriverName) (*csiDriverClient, error) {
|
|||||||
|
|
||||||
addr := fmt.Sprintf(csiAddrTemplate, driverName)
|
addr := fmt.Sprintf(csiAddrTemplate, driverName)
|
||||||
requiresV0Client := true
|
requiresV0Client := true
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.KubeletPluginsWatcher) {
|
existingDriver, driverExists := csiDrivers.Get(string(driverName))
|
||||||
existingDriver, driverExists := csiDrivers.Get(string(driverName))
|
if !driverExists {
|
||||||
if !driverExists {
|
return nil, fmt.Errorf("driver name %s not found in the list of registered CSI drivers", driverName)
|
||||||
return nil, fmt.Errorf("driver name %s not found in the list of registered CSI drivers", driverName)
|
|
||||||
}
|
|
||||||
|
|
||||||
addr = existingDriver.endpoint
|
|
||||||
requiresV0Client = versionRequiresV0Client(existingDriver.highestSupportedVersion)
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
addr = existingDriver.endpoint
|
||||||
|
requiresV0Client = versionRequiresV0Client(existingDriver.highestSupportedVersion)
|
||||||
|
|
||||||
nodeV1ClientCreator := newV1NodeClient
|
nodeV1ClientCreator := newV1NodeClient
|
||||||
nodeV0ClientCreator := newV0NodeClient
|
nodeV0ClientCreator := newV0NodeClient
|
||||||
if requiresV0Client {
|
if requiresV0Client {
|
||||||
|
@ -155,10 +155,10 @@ func (p *Plugin) Admit(a admission.Attributes, o admission.ObjectInterfaces) err
|
|||||||
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gate %s", features.NodeLease))
|
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gate %s", features.NodeLease))
|
||||||
|
|
||||||
case csiNodeResource:
|
case csiNodeResource:
|
||||||
if p.features.Enabled(features.KubeletPluginsWatcher) && p.features.Enabled(features.CSINodeInfo) {
|
if p.features.Enabled(features.CSINodeInfo) {
|
||||||
return p.admitCSINode(nodeName, a)
|
return p.admitCSINode(nodeName, a)
|
||||||
}
|
}
|
||||||
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gates %s and %s", features.KubeletPluginsWatcher, features.CSINodeInfo))
|
return admission.NewForbidden(a, fmt.Errorf("disabled by feature gates %s", features.CSINodeInfo))
|
||||||
|
|
||||||
default:
|
default:
|
||||||
return nil
|
return nil
|
||||||
|
@ -66,15 +66,9 @@ func init() {
|
|||||||
if err := leaseDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.NodeLease: {Default: false}}); err != nil {
|
if err := leaseDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.NodeLease: {Default: false}}); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: true}}); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: true}}); err != nil {
|
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: true}}); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: false}}); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: false}}); err != nil {
|
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: false}}); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
@ -1170,7 +1164,7 @@ func Test_nodePlugin_Admit(t *testing.T) {
|
|||||||
name: "disallowed create CSINode - feature disabled",
|
name: "disallowed create CSINode - feature disabled",
|
||||||
attributes: admission.NewAttributesRecord(nodeInfo, nil, csiNodeKind, nodeInfo.Namespace, nodeInfo.Name, csiNodeResource, "", admission.Create, &metav1.CreateOptions{}, false, mynode),
|
attributes: admission.NewAttributesRecord(nodeInfo, nil, csiNodeKind, nodeInfo.Namespace, nodeInfo.Name, csiNodeResource, "", admission.Create, &metav1.CreateOptions{}, false, mynode),
|
||||||
features: csiNodeInfoDisabledFeature,
|
features: csiNodeInfoDisabledFeature,
|
||||||
err: fmt.Sprintf("forbidden: disabled by feature gates %s and %s", features.KubeletPluginsWatcher, features.CSINodeInfo),
|
err: fmt.Sprintf("forbidden: disabled by feature gates %s", features.CSINodeInfo),
|
||||||
},
|
},
|
||||||
{
|
{
|
||||||
name: "disallowed create another node's CSINode - feature enabled",
|
name: "disallowed create another node's CSINode - feature enabled",
|
||||||
|
@ -123,10 +123,10 @@ func (r *NodeAuthorizer) Authorize(attrs authorizer.Attributes) (authorizer.Deci
|
|||||||
}
|
}
|
||||||
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gate %s", features.NodeLease), nil
|
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gate %s", features.NodeLease), nil
|
||||||
case csiNodeResource:
|
case csiNodeResource:
|
||||||
if r.features.Enabled(features.KubeletPluginsWatcher) && r.features.Enabled(features.CSINodeInfo) {
|
if r.features.Enabled(features.CSINodeInfo) {
|
||||||
return r.authorizeCSINode(nodeName, attrs)
|
return r.authorizeCSINode(nodeName, attrs)
|
||||||
}
|
}
|
||||||
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gates %s and %s", features.KubeletPluginsWatcher, features.CSINodeInfo), nil
|
return authorizer.DecisionNoOpinion, fmt.Sprintf("disabled by feature gates %s", features.CSINodeInfo), nil
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -69,15 +69,9 @@ func init() {
|
|||||||
if err := leaseDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.NodeLease: {Default: false}}); err != nil {
|
if err := leaseDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.NodeLease: {Default: false}}); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: true}}); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: true}}); err != nil {
|
if err := csiNodeInfoEnabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: true}}); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.KubeletPluginsWatcher: {Default: false}}); err != nil {
|
|
||||||
panic(err)
|
|
||||||
}
|
|
||||||
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: false}}); err != nil {
|
if err := csiNodeInfoDisabledFeature.Add(map[featuregate.Feature]featuregate.FeatureSpec{features.CSINodeInfo: {Default: false}}); err != nil {
|
||||||
panic(err)
|
panic(err)
|
||||||
}
|
}
|
||||||
|
@ -164,8 +164,7 @@ func NodeRules() []rbacv1.PolicyRule {
|
|||||||
nodePolicyRules = append(nodePolicyRules, csiDriverRule)
|
nodePolicyRules = append(nodePolicyRules, csiDriverRule)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if utilfeature.DefaultFeatureGate.Enabled(features.KubeletPluginsWatcher) &&
|
if utilfeature.DefaultFeatureGate.Enabled(features.CSINodeInfo) {
|
||||||
utilfeature.DefaultFeatureGate.Enabled(features.CSINodeInfo) {
|
|
||||||
csiNodeInfoRule := rbacv1helpers.NewRule("get", "create", "update", "patch", "delete").Groups("storage.k8s.io").Resources("csinodes").RuleOrDie()
|
csiNodeInfoRule := rbacv1helpers.NewRule("get", "create", "update", "patch", "delete").Groups("storage.k8s.io").Resources("csinodes").RuleOrDie()
|
||||||
nodePolicyRules = append(nodePolicyRules, csiNodeInfoRule)
|
nodePolicyRules = append(nodePolicyRules, csiNodeInfoRule)
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user